[ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
Cameron Christensen
cameron.christensen at uk2group.com
Fri Nov 14 15:39:54 UTC 2014
Hello,
I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
Starting up ovirt-engine, the extension manager fails to properly load
the service that handles Kerberos/LDAP.
engine.log:
...
2014-11-10 11:29:25,106 INFO
[org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (MSC service
thread 1-10) Start initializing ExecutionMessageDirector
2014-11-10 11:29:25,108 INFO
[org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (MSC service
thread 1-10) Finished initializing ExecutionMessageDirector
2014-11-10 11:29:25,145 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Loading extension 'builtin-authn-internal'
2014-11-10 11:29:25,146 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'builtin-authn-internal' loaded
2014-11-10 11:29:25,148 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Loading extension 'internal'
2014-11-10 11:29:25,150 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'internal' loaded
2014-11-10 11:29:25,154 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Loading extension 'builtin-authn-EXAMPLE.ORG'
2014-11-10 11:29:25,215 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'builtin-authn-EXAMPLE.ORG' loaded
2014-11-10 11:29:25,218 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Loading extension 'EXAMPLE.ORG'
2014-11-10 11:29:25,264 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'EXAMPLE.ORG' loaded
2014-11-10 11:29:25,265 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Initializing extension 'EXAMPLE.ORG'
2014-11-10 11:29:25,265 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'EXAMPLE.ORG' initialized
2014-11-10 11:29:25,266 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Initializing extension 'builtin-authn-internal'
2014-11-10 11:29:25,266 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'builtin-authn-internal' initialized
2014-11-10 11:29:25,267 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Initializing extension 'builtin-authn-EXAMPLE.ORG'
2014-11-10 11:29:25,267 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'builtin-authn-EXAMPLE.ORG' initialized
2014-11-10 11:29:25,268 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Initializing extension 'internal'
2014-11-10 11:29:25,268 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'internal' initialized
2014-11-10 11:29:25,268 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Start of enabled extensions list
2014-11-10 11:29:25,269 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Instance name: 'EXAMPLE.ORG', Extension name:
'Kerberos/Ldap Authz (Built-in)', Version: 'N/A', Notes: '', License:
'ASL 2.0',
Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build
interface Version: '0', File: 'N/A', Initialized: 'true'
2014-11-10 11:29:25,270 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Instance name: 'builtin-authn-internal', Extension name:
'Internal Authn (Built-in)', Version: 'N/A', Notes: '', License:
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build
interface Version: '0', File: 'N/A', Initialized: 'true'
2014-11-10 11:29:25,270 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Instance name: 'builtin-authn-EXAMPLE.ORG', Extension name:
'Kerberos/Ldap Authn (Built-in)', Version: 'N/A', Notes: '',
License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project',
Build interface Version: '0', File: 'N/A', Initialized: 'true'
2014-11-10 11:29:25,271 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Instance name: 'internal', Extension name: 'Internal Authz
(Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home:
'http://www.ovirt.org', Author 'The oVirt Project', Build interface
Version: '0', File: 'N/A', Initialized: 'true'
2014-11-10 11:29:25,272 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) End of enabled extensions list
2014-11-10 11:29:25,404 INFO
[org.ovirt.engine.core.bll.aaa.DbUserCacheManager] (MSC service thread
1-10) Start initializing DbUserCacheManager
2014-11-10 11:29:25,405 INFO
[org.ovirt.engine.core.bll.aaa.DbUserCacheManager] (MSC service thread
1-10) Finished initializing DbUserCacheManager
2014-11-10 11:29:25,414 INFO
[org.ovirt.engine.core.bll.tasks.AsyncTaskManager] (MSC service thread
1-10) Initialization of AsyncTaskManager completed successfully.
2014-11-10 11:29:25,416 INFO
[org.ovirt.engine.core.vdsbroker.ResourceManager] (MSC service thread
1-10) Start initializing ResourceManager
2014-11-10 11:29:25,458 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (DefaultQuartzScheduler_Worker-1) Failed to run command LdapSearchUserByQueryCommand. Domain is EXAMPLE.ORG. User is user1 at EXAMPLE.ORG.
2014-11-10 11:29:25,459 ERROR [org.ovirt.engine.core.bll.aaa.SyncUsers]
(DefaultQuartzScheduler_Worker-1) Error during user synchronization of
extension EXAMPLE.ORG. Exception message is No enum constant
org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LDAPSecurityAuthentication.
Trying to authenticate with user2 from IPA produces this error:
engine.log:
2014-11-10 11:30:08,777 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-2) Failed to run command LdapAuthenticateUserCommand. Domain is EXAMPLE.ORG. User is user2.
2014-11-10 11:30:08,779 ERROR
[org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
(ajp--127.0.0.1-8702-2) Error during CanDoActionFailure.: Class: class
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
Input:
{Extkey[name=AAA_AUTHN_CREDENTIALS;type=class
java.lang.String;uuid=AAA_AUTHN_CREDENTIALS[03b96485-4bb5-4592-8167-810a5c909706];]=***, Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=Kerberos/Ldap Authn (Built-in), Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=builtin-authn-EXAMPLE.ORG, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[, config.authn.user.password], Extkey[name=AAA_AUTHN_CAPABILITIES;type=class 
java.lang.Long;uuid=AAA_AUTHN_CAPABILITIES[9d16bee3-10fd-46f2-83f9-3d3c54cf258d];]=12, Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=N/A, Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/Ldap Authn (Built-in).builtin-authn-EXAMPLE.ORG), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authn]}, Extkey[name=AAA_AUTHN_USER;type=class java.lang.String;uuid=AAA_AUTHN_USER[1ceaba26-1bdc-4663-a3c6-5d926f9dd8f0];]=user2, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHN_AUTHENTICATE_CREDENTIALS[d9605c75-6b43-4b00-b32c-06bdfa80244c]}
Output:
{Extkey[name=EXTENSION_INVOKE_RESULT;type=class
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=No enum constant org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LDAPSecurityAuthentication.}
engine-manage-domains shows the IPA domain but I cannot delete the
domain or edit it.
# engine-manage-domains list
Domain: EXAMPLE.ORG
User name: null
Manage Domains completed successfully
# engine-manage-domains delete --domain=EXAMPLE.ORG
Domain example.org doesn't exist in the configuration.
Any ideas on fixing?
Regards,
Cameron